Oneboxing google drive videos does not work

Feature
1

We make active use of google drive in my organization, and would like to encourage sharing of screencasts and webinar recordings using google drive via discourse. I just attempted this and it does not onebox properly.

Am I doing this wrong, or can oneboxing of google drive videos be considered as a new feature? It seems to me that this should be possible via these steps:

  • upload video to drive, wait for it to process
  • share video with public (“anyone on the internet can find and view”)
  • get embed code
  • paste URL from embed code on its own line in discourse post
1 Like
2

Does Google Drive support oEmbed or Open Graph summaries of its content?

This is a bit like dumping a video in Dropbox and expecting it to be YouTube? It’s a file sharing service, not a video site…

3

I don’t know about oEmbed or Open Graph summaries, but drive supports embedding videos and provides embed code to copy and paste into web pages.

4

Are these public URLs? Remember that onebox is an anonymous user, so it won’t work with anything that requires auth, and that’s by design.

(Most YouTube videos are viewable to anyone, for example… because it’s a video sharing service, not file storage.)

5

yeah they are public

6

Well, a raw video file works:

https://www.sample-videos.com/video/mp4/720/big_buck_bunny_720p_1mb.mp4

7

Can you copy/paste the embed code into a code block here? Chances are you will have to have a plugin that whitelists the tags they use.

8 
<iframe src="https://drive.google.com/file/d/0B6YHEHRKfGNLZnBqcTUzREc2OFk/preview" width="640" height="480"></iframe>

that’ll do it.

9

More info:

If you whitelist drive.google.com for onebox, it does attempt to load it, but for me it is throwing a error regarding SAMEORIGIN (then use the src attribute URL in your post)

Refused to display 'https://video.google.com/get_player?docid=0B6YHEHRKfGNLZnBqcTUzREc2OFk&ps=docs&partnerid=30&cc_load_policy=1' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

I’m unsure how to get past that.

1 Like
10

I just tried the information at
https://meta.discourse.org/t/x-frame-options-sameorigin-header-prevents-embedding/14928/2?u=cpradio

And the onebox shows the oembed data, but posting it still results in a blank post with the above error in the dev console. I feel like I’m closer, but it still isn’t quite right.

2 Likes
11

It’s because video.google.com needs to unset that header, not your site.

12

Ah. Okay, so that is why it is getting tricky. I figured it must be somewhere else, but I lost time to dig into it. Thanks for taking a quick look.

14

Looks like embedding videos hosted on google drive is working now, including the example I gave above. Taking the UrL on its own will create a onebox. But I just came across a problem with embedding .aac audio hosted on google drive - it will not onebox correctly. Anyone have any ideas what’s going on and can it be fixed?

update: ah, well… the video appears to display in the preview but not in the final post after saving.

aac file url: https://drive.google.com/file/d/0B288V3vGChdtLWItTFhFU2lzS0U/preview

https://drive.google.com/file/d/0B288V3vGChdtLWItTFhFU2lzS0U/preview

image url: https://drive.google.com/file/d/0B6YHEHRKfGNLZnBqcTUzREc2OFk/preview

https://drive.google.com/file/d/0B6YHEHRKfGNLZnBqcTUzREc2OFk/preview

1 Like
15 
Refused to display 
'https://video.google.com/get_player
?docid=0B6YHEHRKfGNLZnBqcTUzREc2OFk
&ps=docs&partnerid=30&cc_load_policy=1'
in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

The Preview is an <img> not an <iframe>

16

let me try a different URL - this is the link I get directly from google drive. Also appears not to work as onebox. I’m just not an expert at this. :confused:

https://drive.google.com/file/d/0B288V3vGChdtLWItTFhFU2lzS0U/view?usp=sharing

17

It’s a security thing

That returns a Response Header

alt-svc:quic=":443"; ma=2592000; v="35,34"
cache-control:no-cache, no-store, max-age=0, must-revalidate
content-encoding:gzip
content-type:text/html; charset=utf-8
date:Tue, 31 Jan 2017 19:45:19 GMT
expires:Mon, 01 Jan 1990 00:00:00 GMT
pragma:no-cache
server:GSE
status:200
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-robots-tag:noindex, nofollow, nosnippet
x-xss-protection:1; mode=block

The SAMEORIGIN bit

SAMEORIGIN
The page can only be displayed in a frame on the same origin as the page itself.

5 Likes
18

I just ran into this limitation myself, but it’s possible. You’ll have to whitelist the iframe source domain https://drive.google.com in allowed iframes.

Then grab the Embed item HTML which will look like this:

<iframe src="https://drive.google.com/file/d/1UQyQdaQyuDxbUm5krcB7vckNwwhPHCJi/preview" width="640" height="480"></iframe>

If working with a Share with others link, it will look like this:

https://drive.google.com/file/d/1UQyQdaQyuDxbUm5krcB7vckNwwhPHCJi/view?usp=sharing

so you’ll have to replace /view?usp=sharing with /preview for the iframe to work.

6 Likes
19
5 Likes
20

Awesome!! Thank you!! :slight_smile:

1 Like